
just a quick warning phpBB Hack

dragonsama Registered User regular
I'm sure alpha is already on top of this but I figured I'd post it here in case this news went unnoticed.

http://www.p2pnet.net/story/8253
phpBB mass-hack warning

p2p news / p2pnet: Bots are registering user accounts on phpBB forums, "raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road," warns Netcraft.


One such showed up on Digg, yesterday. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums," says the post.

FuntKlakow's post signatures have included links to proxy surfing and traffic generator services, "raising the prospect that its goal may be spam rather than exploits," says Netcraft.

"Bot is also capable of posting to forums," says Juuso Hukkanen on newsreader. "But on most forums the bot keeps silent.

"Ok, what is a danger? Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums.

"Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum maker's homepage.

"When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those caught by a honeypot-forums, registering such user details would be eliminated (and possible IP banned for some time)."

Nor is this the first time phpBB has been in the news with security problems.

phpBB has been banned by some web hosts but, "That hasn't prevented a 79 percent increase in active sites using phpBB between June and December of 2005, according to data from our Web Server Survey and related datasets," adds Netcraft.

I'm pretty sure we are ok over here since Alpha is running a heavily modified version of this, right?

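The registration check the quoted article describes (match a new username against names caught by honeypot forums, refuse the signup, and ban the IP for a while), as an added example that is not part of the original thread or of phpBB. The class name, the one-hour ban length and the sample IP addresses are assumptions; the article only says "for some time", and the username normalization goes slightly beyond the exact-match check it mentions.

```python
import time
import unicodedata

BAN_SECONDS = 3600  # assumed ban length; the article gives none


def normalize(name):
    """Fold case and Unicode compatibility forms so trivial variants still match."""
    return unicodedata.normalize("NFKC", name).casefold().strip()


class HoneypotGate:
    """Hypothetical registration gate fed by a honeypot-derived username list."""

    def __init__(self, honeypot_names, now=time.time):
        self.blocked = {normalize(n) for n in honeypot_names}
        self.banned_until = {}  # ip -> unix time at which the ban expires
        self.now = now          # injectable clock, so ban expiry can be tested

    def check(self, username, ip):
        """Return 'banned', 'rejected' or 'allowed' for one registration attempt."""
        t = self.now()
        if self.banned_until.get(ip, 0) > t:
            return "banned"               # still inside the temporary IP ban
        self.banned_until.pop(ip, None)   # ban expired (or never set): forget it
        if normalize(username) in self.blocked:
            self.banned_until[ip] = t + BAN_SECONDS
            return "rejected"             # name was caught by a honeypot forum
        return "allowed"


if __name__ == "__main__":
    # Constructed sample: the bot name comes from the article, the IPs are
    # documentation addresses (192.0.2.0/24), the other username is made up.
    gate = HoneypotGate(["FuntKlakow"])
    for user, ip in [("funtklakow", "192.0.2.10"),
                     ("legit_user", "192.0.2.10"),
                     ("legit_user", "192.0.2.11")]:
        print(user, ip, gate.check(user, ip))
```

A name list alone is easy to evade, as the first reply below notes, so the IP ban and any "other characteristics" the article alludes to carry most of the weight.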

Posts

  • wasted life Registered User
    edited March 2006
    I was bored so I looked through the memberlist. So far, no one has joined with that username. It can probably use other usernames though, so I guess it was moot. Man, that was a lot of users though.

    Now Playing: Picross (DS), Phantom Hourglass (DS), GOD HAND (PS2), No More Heroes (Wii)
    My Backlog
    Super Saver Comics!
  • RocketScience Registered User regular
    edited March 2006
    If you go to your PM inbox and start a new message you can search for usernames.

  • FyreWulff Registered User, ClubPA regular
    edited March 2006
    this is why I don't wonder how phpBB has yet to implement a fucking captcha generator into the registration page.

    I've used e107, which rivals phpBB in common-sense programming mistakes and design flaws, and even they have a captcha generator for registration and login.
